(WO2018227024) USE OF DEVICE RISK EVALUATION TO MANAGE ACCESS TO SERVICES
Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

CLAIMS

What is claimed is:

1. A method, comprising:

receiving a request regarding access by a first computing device to a service;

in response to the request, performing, by a second computing device, an evaluation of a configuration of the first computing device, wherein the evaluation comprises determining a risk level; and

performing, by the second computing device, an action based on the evaluation, wherein the action comprises sending a communication to a computing device of an identity provider, the communication indicating the risk level.

2. The method of claim 1, wherein the service is provided by a third computing device, and the request is received from the first computing device or from the third computing device.

3. The method of claim 1, wherein the evaluation determines that the configuration is not secure, and the action further comprises blocking access by the first computing device to the service.

4. The method of claim 1, wherein the service is provided by a third computing device, the method further comprises receiving first data from the first computing device that is used in the evaluation, and the action further comprises sending the first data to the third computing device.

5. The method of claim 4, wherein the first data is received from a software component installed on the first computing device, and the software component obtains the first data from the first computing device.

6. The method of claim 1, wherein the action further comprises sending a communication to a third computing device that grants access to the service by the first computing device, wherein software is installed on the first computing device, and wherein the evaluation comprises at least one of determining a source of the software, evaluating authenticity of the software, or analyzing at least one component of the

7. The method of claim 1, wherein the evaluation determines an extent of security risk for the configuration of the first computing device, and wherein an extent of access to the service provided to the first computing device is based on the determined extent of security risk.

8. The method of claim 1, wherein the evaluation determines that the configuration passes a security threshold, and the action further comprises sending a communication to a third computing device regarding the passed security threshold.

9. The method of claim 1, wherein a third computing device provides the service, and the method further comprises:

generating a token for the first computing device, the token comprising first data encoding the risk level from the evaluation; and

providing the token to the first computing device, wherein the first data is used by the third computing device to configure the service provided to the first computing device.

10. The method of claim 9, wherein the third computing device is configured to determine, using the first data, a risk state associated with providing service to the first computing device.

11. The method of claim 1, wherein the service is provided by a third computing device, and the method further comprises:

extracting first data from a communication received from the first computing device or the third computing device, wherein the communication includes the request, or the communication is received subsequent to receiving the request; and

performing the evaluation using the first data.

12. The method of claim 1, wherein:

the request regarding access to the service is generated by an application executing on the first computing device;

performing the evaluation comprises determining an authenticity of the application; and

performing the evaluation further comprises assessing a context of a user of the first computing device, the context comprising at least one of: a location of the first computing device, a device location for a prior login made to the service by the user, an event associated with a presence of the user on a computing device other than the first computing device, or credentials associated with the user that have become unsecure.

13. The method of claim 1, wherein the first computing device is associated with a domain, the method further comprises receiving a communication from a third computing device associated with the domain, and the evaluation comprises using data from the communication to evaluate the configuration of the first computing device.

14. The method of claim 1, wherein access to the service requires that a software component is installed on the first computing device, and the method further comprises:

in response to determining that the software component is not installed on the first computing device, sending a communication to the first computing device requesting installation of the software component;

after sending the communication, determining that the software component is installed on the first computing device; and

in response to determining that the software component is installed on the first computing device, sending a communication to cause a third computing device to grant the access to the service.

15. A non-transitory computer-readable storage medium storing computer-readable instructions, which when executed, cause a first computing device to:

receive a request regarding access by a second computing device to a service;

in response to the request, perform an evaluation of the second computing device; and

perform, by at least one processor, an action based on the evaluation, the action comprising sending a communication to a computing device of an identity provider.

16. The non-transitory computer-readable storage medium of claim 15, wherein the instructions further cause the first computing device to receive security data from a software component installed on the second computing device, wherein the evaluation is performed using the security data to determine a security state of the second computing device, and wherein the action further comprises authorizing access to the service by the second computing device at an access level dependent on the determined security state.

17. A system, comprising:

at least one processor of a first computing device; and

memory storing instructions configured to instruct the at least one processor to:

receive a request regarding access by a second computing device to a service;

in response to the request, perform an evaluation of the second computing device; and

perform an action based on the evaluation, the action comprising sending a communication to a computing device of an identity provider.

18. The system of claim 17, wherein a third computing device provides the service, and the first computing device is recorded by the third computing device as an identity provider for requests to access the service.

19. The system of claim 18, wherein a fourth computing device is an identity provider, and the action further comprises sending a communication from the first computing device to the fourth computing device that authorizes access to the service by the second computing device.

20. The system of claim 17, wherein the instructions are further configured to instruct the at least one processor to receive security state information regarding a state of the second computing device, wherein the evaluation is performed using the security state information to determine a security state of the second computing device, wherein the action further comprises authorizing access to the service by the second computing device at an access level depending on the determined security state, and wherein the security state information comprises at least one of a device identifier, a configuration, a setting, information on a security event, or a device state.
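The flow recited across claims 1, 3, 7, 9, 10, 14 and 20 (evaluate the reported device state, block or request the agent install, otherwise issue a token encoding the risk level that the service provider uses to set an access level), as an added illustrative example; this is not the patent's or any assignee's implementation, and the DeviceReport fields, the scoring rules and the shared HMAC key are assumptions.

```python
import hmac
import json
from dataclasses import dataclass, field

# Assumption: an HMAC key shared by the evaluating device and the service provider.
TOKEN_KEY = b"constructed-example-key"

@dataclass
class DeviceReport:
    """Security state information sent by the installed software component (claims 5, 20)."""
    device_id: str
    agent_installed: bool        # claim 14: is the required software component present?
    os_patched: bool             # configuration / setting inputs (assumed fields)
    disk_encrypted: bool
    security_events: list = field(default_factory=list)   # e.g. "rooted", "malware_found"

def evaluate_risk(report):
    """Determine a risk level from the device configuration (claims 1, 7). Scoring is assumed."""
    score = 3 * bool({"rooted", "malware_found"} & set(report.security_events))
    score += (not report.os_patched) + (not report.disk_encrypted)
    return "high" if score >= 3 else "medium" if score >= 1 else "low"

def make_token(device_id, risk_level):
    """Token whose payload encodes the risk level for the service provider (claim 9)."""
    payload = json.dumps({"device_id": device_id, "risk_level": risk_level}, sort_keys=True)
    sig = hmac.new(TOKEN_KEY, payload.encode(), "sha256").hexdigest()
    return payload + "." + sig

def access_decision(report):
    """Action taken by the evaluating device (claims 3, 7, 14): install request, block, or grant."""
    if not report.agent_installed:
        return {"action": "request_install"}
    level = evaluate_risk(report)
    if level == "high":
        return {"action": "block", "risk_level": level}
    return {"action": "grant", "risk_level": level,
            "access_level": "full" if level == "low" else "limited",
            "token": make_token(report.device_id, level)}

def service_configure(token):
    """Service provider side (claim 10): verify the token, then derive an access level from it."""
    payload, _, sig = token.rpartition(".")
    expected = hmac.new(TOKEN_KEY, payload.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None                      # tampered or forged token: configure no access
    return "full" if json.loads(payload)["risk_level"] == "low" else "limited"
```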